Wednesday, January 14, 2015

NEW REGIME - Individual's liability in online frauds capped for first time

NEW REGIME - Individual's liability in online frauds capped for first time

﻿

﻿

In a landmark judgment on
online banking frauds, six banks, a telecom giant and a card company
have been asked to pay out Rs 1.06 crore compensation to customers who
have been victims of various online frauds in the past two years. In
most of the cases, customers had lost money to fraudsters but banks had
held customers responsible for their accounts being compromised.
The order for compensation was issued by the state government's
equivalent of a cyber crime court which is presided over by the
principal secretary in charge of information technology.The
principal secretary , Rakesh Aggarwal, functions as adjudication
officer.
The banks that have been ordered to pay compensation
include Central Bank of India, Royal Bank of Scotland, Punjab National
Bank, IndusInd Bank, Yes Bank, State Bank of India. Other institutions
who have been directed to pay are Vodafone and SBI Cards.
The
order is significant as this is the first time that any authority has
said that an individual's liability in respect of online frauds should
be capped. The Banking Standards and Codes Board of India had earlier
last year suggested that the onus of establishing liability in the event
of online fraud should rest with the banks. Until now banks have been
throwing up their hands whenever a customer's credentials were
compromised, holding the customer fully liable for anyone hacking into
his email or mobile.
Advocate Prashant Mali, who specializes in
IT cases and has appeared for the complainant, said “Banks should
ideally pay off the aggrieved consumer instead of making him
run pillar to post and then spend money in courts and costly appeals.
This way less harassment would be caused to consumers and confident
online banking customers will evolve.“
The largest order has
been against SBI which has been directed to pay Rs 40 lakh to Chander
Kalani whose funds were transferred to an account in London on the basis
of an email. The fraudster had hacked into Kalani's email and
instructed the bank to transfer funds.
In his order directing SBI to pay a compensation of Rs 40 lakh, Aggarwal
observed that “the Banking Codes and Standard Board of India (BCSBI)
unit has issued a Code of Bank's Commitment wherein customers of such
fraud will be liable to the extent of Rs 10,000 only and the bank has to
make good the rest of the amount. But acceptance of this code by banks
is not visible“.
In another case, the account of Prabhakar
Sadekar a businessman, with Punjab National Bank was
hacked and funds transferred to accounts in IndusInd Bank and Yes
Bank.Sadekar did not receive SMS alerts as his mobile accounts were also
cloned. In this case Agarwal had held that banks had not followed RBI
guidelines on money mule accounts and guidelines on information
technology . Vodafone was asked to pay a compensation of Rs 20
lakh for not following reasonable security practices and procedure and
the established guidelines before issuing a duplicate SIM card. PNB,
IndusInd and Yes Bank have been asked to pay Rs 20 lakh, Rs 5 lakh and
Rs 3 lakh respectively .
In the fourth case where a company
, Raatronics, was defrauded of its account in Central Bank by changing
the mobile number in the bank's online database, Central Bank and Royal
Bank of Scotland were asked to pay Rs 8 lakh each for lack of due
diligence. The adjudicating officer also ordered compensation of Rs 1.3
lakh and Rs 1.4 lakh for frauds committed upon users of SBI Credit Card
and SBI's International Debit Card.